SessionID implemented

.clients_keys

@@ -12,3 +12,17 @@ fd05a547-8032-450c-a0f1-6a204aa1288e -n2gtRIBrlDpRisHeno-1pxYLXn5muuct7CHuJXCsbI
 20a03a39-d9f0-495b-ae38-016e3350ede3 78J-gIZ710ozVxg4Iu4S9r3olhZCMtcKYRC3_H4hCxU= 0
 9c5b6d7c-6317-4db1-a14a-d4be911ef45f u4SdDIORALLuPoKtJ076rZzpJk1ZiUCRWERZwQdNsxY= 0
 f6325f18-2909-4665-b681-a0f764fa6c68 _d0ywQ34kEgiRopLnr8R8RDjjDLbH7JTZJp1_FkwgWw= 0
+5dfb41b5-edfa-487b-a000-11f4fc7eb191 DBVK8tjl3vMe08QrSYEWTJb3UOhtCH2A2Gj7xpiqHVs= 0
+2822aedb-22c6-4063-880e-5daddc6f4789 fyH3UTGRpaztPFiLuBezND3-1OrwpgTsj7uemxzTKrs= 0
+05d79777-9f0f-46b8-b69a-67024a37d9e4 XyNF4tFsFb6WgPBybLBLvensO0fglO371E-AGlaGqCI= 0
+f0bf481d-71c6-4f2d-8881-13afdd8901f0 UkS-005VTwKUMnm2mDAHd-y_wsnfqvL8e4N7OxyGcW8= 0
+c3c91ea4-bc4a-424a-a8fc-3daeb0c94002 NTEQ0pW5mImMGwsvnDTPIsmgZv5h95iKrfIjyCdsRI0= 0
+82f0b861-54e5-4cad-a55e-71c0857ac410 nmxMpRZYhhQX5JmsD4AK2Y_CZlFN4Bo6HlO0sbLKwc0= 0
+89982b07-b9c3-4d4a-b31e-88672b06d526 E6jPdbcKhygBLsKjiXg0onftF-6XNv5q6sA_dSoLzJw= 0
+6c584e84-0a4a-4e1f-9e38-c58f740b3303 VCLE6cBO3qT-lQ2zrYoXYI8vnJuHLrvb_CCEC_P56ow= 0
+24bd5c2a-8f30-4a8f-999a-22532a2bb42c v4u0W88oesXaSCBE81dgMwLQDdf1zsvmiS63xG4vo-0= 0
+ca902056-92e8-4a63-8498-382003098cdf tO3N2oc7C_Pwhdcp6g3XcC-IR4yAw8CHQ5FOmkce2AA= 0
+3543e331-a8d3-42a0-9e25-c1b4349c8682 JuVYT6cTJ-vJgcfeBeVU4dxt3x5sLEqG2kgdc1E5nkA= 0
+8f5807f5-28c4-494c-b961-6c59c556733d T1kflpNULJtgoyjcgF10OM3jDWZ3gN3hWhS3S1x9GbU= 0
+ee0b2669-63e8-4aa3-ac22-039f0c70188e XEzFplSYOZFjVUBU1YTWuz64dsBwxH3PgblNr7wxzAc= 0
+bb0e3173-4df3-4b39-95b8-9214bda026f7 lxhvklnDrhayi14jSq6_4wMbODuaNYezwCW7rI7N-s4= 0

client_test_3.py

@@ -11,6 +11,7 @@ from cryptography.hazmat.primitives import serialization
 # Home made RSA Utils 
 from utils.rsa_tenamortech_utils import * 
 from utils.client_keys_manager import * 
+from utils.symmetric_keys_manager_1 import * 
 
 host = socket.gethostname() 
 port = 2004
@@ -30,19 +31,46 @@ def de_serialize_pub_key(public_key_pem):
 while MESSAGE != 'exit':
     data = tcpClientA.recv(BUFFER_SIZE) 
     if not got_pub_key_server: 
+        print("[DEBUG] Checking for SessionID [ ... ]")
+        (session_id,symmetric_key,public_key_server) = reload_session_by_host(host)
+        print("[DEBUG] Checking for SessionID [ OK ]")
+        if(session_id != -1): 
+            tcpClientA.send(encrypt_msg(session_id.encode('utf-8'), public_key_server))
+            got_pub_key_server = True  
+            print("[DEBUG] SessionID Found ! [ OK ]")
+        else:  
+            #if find sessionID load it and negociate with server
+            #else send public key ...  
+            print("[DEBUG] Receiving Server Public Key [ ... ]")
             public_key_server = de_serialize_pub_key(data) 
             got_pub_key_server = True  
+            print("[DEBUG] Receiving Server Public Key [ OK ]")
             # Now we have the pub key of the server, we will send our pub key too 
-        #encrypted_public_key = encrypt_msg(public_key_pem, public_key_server) 
-        #encrypted_public_key = encrypt_msg(bytes("test123456789000000000000000000000000000iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii000", 'utf-8'), public_key_server) 
-        print("Server public key received")
-        print("Sending current client public key [ ... ] ")
+            print("[DEBUG] Sending current Client Public Key [ ... ] ")
             tcpClientA.send(public_key_pem)
-        print("Sending current client public key [ OK ] ") 
+            print("[DEBUG] Sending current Client Public Key [ OK ] ")
+            print("[DEBUG] Waiting for new Symmetric Key and New SessionID [ ... ] ") 
+            data = tcpClientA.recv(BUFFER_SIZE) 
+            new_symmetric_key_and_session_id = decrypt_msg(data, private_key) 
+            new_symmetric_key_and_session_id = new_symmetric_key_and_session_id.decode('utf-8')
+            new_symmetric_key_and_session_id = new_symmetric_key_and_session_id.split('|')
+            new_symmetric_key = new_symmetric_key_and_session_id[0] 
+            new_session_id    = new_symmetric_key_and_session_id[1] 
+            
+            print("[DEBUG] Waiting for new Symmetric Key and New SessionID [ OK ] ") 
+            print("[DEBUG] Symmetric Key: [" + str(new_symmetric_key) + "]") 
+            print("[DEBUG] SessionID    : [" + new_session_id + "]") 
+            
+            print("[DEBUG] Saving basic HandShake infos [ ... ] ")
+            save_sym_key_by_host(host, new_session_id, new_symmetric_key, public_key_server) 
+            print("[DEBUG] Saving basic HandShake infos [ OK ] ")
+        data = tcpClientA.recv(BUFFER_SIZE)
+        decrypted_data = decrypt_msg(data, private_key)
+        print(decrypted_data.decode('utf-8')) 
         
     else:  
         print(" Client2 received data:", data) 
-        MESSAGE = input("tcpClientA: Enter message to continue/ Enter exit:").encode('utf-8') 
-        tcpClientA.send(MESSAGE)     
+        MESSAGE = input("Working !").encode('utf-8') 
+        tcpClientA.send(encrypt_msg(MESSAGE, public_key_server))     
 
 tcpClientA.close() 

server_test_3.py

@@ -1,7 +1,8 @@
 import socket 
 from threading import Thread 
 from socketserver import ThreadingMixIn 
-from utils.keys_manager_1 import *  
+#from utils.keys_manager_1 import *  
+from utils.server_keys_manager import *  
 from utils.symmetric_keys_manager_1 import *
 from utils.rsa_tenamortech_utils import *
 # --- Init keys --- 
@@ -40,6 +41,7 @@ class ClientThread(Thread):
                     msg = decrypt_msg(data, private_key)
                     if(len(msg) == 36): # SessionID length should be 36 char.
                         print("[DEBUG] SessionID format looks correct [ ~ ]")
+                        print("[DEBUG] (Given SessionID: [" + msg.decode('utf-8') + "]")
                         session_id = msg
                         (symmetric_key,public_key_client) = reload_session_sym_key(session_id) 
                         
@@ -48,23 +50,29 @@ class ClientThread(Thread):
                         if(symmetric_key == -1): 
                             print("[DEBUG] Waiting for SessionID validation [ FAIL ]") 
                             print("[DEBUG] Invalid SessionID, will now abort negociation [ FAIL ]") 
+                            conn.close() 
                             break 
                         else: 
                             able_to_retrieve_session_id = True 
                             print("[DEBUG] Waiting for SessionID validation [ OK ]") 
                             print("[DEBUG] SessionID is valid, symmetric_key and current Client Public key were retrieved successfully")  
                             print("[DEBUG] I'm all yours... [ :) ]")  
+                            conn.send(encrypt_msg("login:".encode('utf-8'), public_key_client))  
                             # --- SessionID that the client sent is valid, we got all the required infos
                 # --- Client sent did not send sessionID but sent his public Key 
                 # --- Create a new session for it, (gen sessionID, create new symmetric Key, store his public key) 
                 if able_to_retrieve_session_id == False:
                     print("[DEBUG] No existing Session, will now initiate new Session [ ... ]")  
                     # --- This function will create a sessionID, return a symmetric key and store the pub key
-                    symmetric_key = gen_sym_key_and_save(public_key_client) 
-                    print("[DEBUG] No existing Session, will now initiate new Session [ OK ]") 
+                    (symmetric_key,session_id) = gen_sym_key_and_save(public_key_client)
+                    print("[DEBUG] Sending encrypted Symmetric Key to Client [ ... ]") 
+                    sym_key_and_session_id = (str((symmetric_key).decode('utf-8')) + "|" + session_id).encode('utf-8')  
+                    conn.send(encrypt_msg(sym_key_and_session_id, public_key_client))
+                    print("[DEBUG] Sending encrypted Symmetric Key to Client [ OK ]") 
                     print("[DEBUG] I'm all yours... [ :) ]")
+                    conn.send(encrypt_msg("login:".encode('utf-8'), public_key_client))  
                     
-            print("Server received data:", data) 
+            #print("Server received data:", data) 
             MESSAGE = input("Multithreaded Python server : Enter Response from Server/Enter exit:").encode('utf-8') 
             if MESSAGE == 'exit':
                 break

utils/client_keys_manager.py

@@ -72,4 +72,4 @@ def check_for_existing_keys():
         print('Find private key from file [ FAIL ]')
         print('New keys will be generated')
         return generate_keys(1) 
-check_for_existing_keys() 
+#check_for_existing_keys() 

utils/server_keys_manager.py

@@ -25,7 +25,7 @@ from cryptography.hazmat.primitives import serialization
 from pathlib import Path
 
 # Home made RSA Keys lib 
-from rsa_tenamortech_utils import * 
+from utils.rsa_tenamortech_utils import * 
 
 def check_for_existing_keys():
     keys_dir_path = Path.home() / '.auth_server_test' / 'server' 
@@ -72,4 +72,4 @@ def check_for_existing_keys():
         print('Find private key from file [ FAIL ]')
         print('New keys will be generated')
         return generate_keys(0) 
-check_for_existing_keys() 
+#check_for_existing_keys() 

utils/symmetric_keys_manager_1.py

@@ -10,71 +10,134 @@ from pathlib import Path
 # Home made RSA Keys lib 
 from utils.rsa_tenamortech_utils import *
 
+
 def gen_rand_session_id(): 
     return str(uuid.uuid4()) 
 
+# --- Used by Server 
 def gen_sym_key_and_save(public_key_client): 
     key = Fernet.generate_key() 
 
-    root_file_path = '.auth_server_test/'
-    path = root_file_path + 'server'
-    path_clients_pub_keys = root_file_path + 'server/clients_pub_keys'      
+    root_file_path = Path.home() / '.auth_server_test/server'
+    path_public_keys_clients = root_file_path / 'public_keys_clients'      
+    # Path exists ? If not we will create it 
+    path_public_keys_clients.mkdir(exist_ok=True)
 
     session_id = gen_rand_session_id() 
  
-    file = open('.clients_keys', 'ab') # changed from 'wb' to 'w+' ... 
+    file = open(str(root_file_path) + '/.known_clients', 'ab') # changed from 'wb' to 'w+' ... 
     file.write((session_id + " ").encode('utf-8'))  
     file.write(key + (" ").encode('utf-8')) # The key is type bytes still
     file.write(('0\n').encode('utf-8')) 
     file.close() 
 
     # --- Store the client public Key for next time.
-    # --- Public keys are stored in '.auth_server_test/server/clients_pub_keys/session_id.pub'
-    keys_dir_path = Path.home() / path_clients_pub_keys  
-    # Path exists ? If not we will create it 
-    keys_dir_path.mkdir(exist_ok=True)
-    
+    # --- Public keys are stored in '.auth_server_test/server/pubilic_keys_clients/session_id.pub'
     public_key_client_pem = public_key_serializer(public_key_client) 
-    key_path = keys_dir_path / (str(session_id) + '.pub') 
+    key_path = path_public_keys_clients / (str(session_id) + '.pub') 
 
     with open(str(key_path), 'wb') as f:
         f.write(public_key_client_pem) 
     
-    return key  
+    return (key,session_id)  
 
+# --- Used by server
 def reload_session_sym_key(sessionid):
-    root_file_path = '.auth_server_test/'
-    path = root_file_path + 'server/' 
-    path_clients_pub_keys = path + 'clients_pub_keys/'
-    filename='.clients_keys' 
+    root_file_path = Path.home() / '.auth_server_test/server'
+    path_public_keys_clients = root_file_path / 'public_keys_clients'      
+    # Path exists ? If not we will create it 
+    path_public_keys_clients.mkdir(exist_ok=True)
     
     session_id_found = False 
     
     # --- Open session file
-    with open(filename) as f:
+    with open(str(root_file_path) + "/.known_clients") as f:
         line = f.readline().rstrip() 
         while(line and session_id_found == False): 
             # each line contains (session_id, sym_key, sym_key_nb_use) 
             # Those infos are spaced with "space" char, so we use 'split' fuction to get an array 
             cur_client_infos = line.split() 
             # If we find the given sessionID: 
-            if(cur_client_infos[0] == sessionid): # cur_client_info[0] is the session_id stored in the cur line 
+            #print(cur_client_infos[0] + "|" + sessionid.decode('utf-8'))
+            if(cur_client_infos[0] == sessionid.decode('utf-8')): # cur_client_info[0] is the session_id stored in the cur line  
                 session_id_found = True  
             line = f.readline().rstrip() 
     
     # --- We found the given sessionID, so we will now load the corresponding client public key we previously stored.
     if session_id_found == True: 
-        with open(str(path_clients_pub_keys + cur_client_infos[0] + '.pub'), "rb") as key_file:
+        with open(str(path_public_keys_clients) + "/" + cur_client_infos[0] + '.pub', "rb") as key_file:
             public_key_client = serialization.load_pem_public_key(
                 key_file.read(),
                 backend=default_backend()
             )
         # --- Return the Symmetric Key used with this client and the PEM formated client public Key 
-        return (cur_client_infos[1],public_key_client_pem) 
+        return (cur_client_infos[1],public_key_client) 
     else: 
         # Return Error tuple 
-        return (-1,'')
+        return (-1,-1) 
 
+
+# --- Used by client
+def reload_session_by_host(host): 
+    root_file_path = Path.home() / '.auth_server_test/client'
+    path_public_keys_servers = root_file_path / 'public_keys_servers'      
+    # Path exists ? If not we will create it 
+    path_public_keys_servers.mkdir(exist_ok=True)
+    
+    host_found = False 
+    
+    # --- Open session file
+    with open(str(root_file_path) + "/.known_hosts") as f:
+        line = f.readline().rstrip() 
+        while(line and host_found == False): 
+            # each line contains (host session_id, sym_key) 
+            # Those infos are spaced with "space" char, so we use 'split' fuction to get an array 
+            cur_server_infos = line.split() 
+            # If we find the given host: 
+            if(cur_server_infos[0] == host): # cur_client_info[0] is the host stored in the cur line 
+                host_found = True  
+            line = f.readline().rstrip() 
+    
+    # --- We found the given host, so we will now load the corresponding server public key we previously stored.
+    if host_found == True: 
+        with open(str(path_public_keys_servers) + "/" + cur_server_infos[1] + '.pub', "rb") as key_file:
+            public_key_server = serialization.load_pem_public_key(
+                key_file.read(),
+                backend=default_backend()
+            )
+        # --- Return the SessionID, the Symmetric Key and the PEM formated server public Key used with this server
+        return (cur_server_infos[1], cur_server_infos[2], public_key_server) 
+    else: 
+        # Return Error tuple 
+        return (-1,-1,-1) 
+        
+
+# --- Used by client 
+def save_sym_key_by_host(host, session_id, sym_key, public_key_server): 
+    root_file_path = Path.home() / '.auth_server_test/client'
+    path_public_keys_servers = root_file_path / 'public_keys_servers'      
+    # Path exists ? If not we will create it 
+    path_public_keys_servers.mkdir(exist_ok=True)
+    
+    line_to_add = str(host) + " " + session_id + " " + sym_key
+    # dont forget to save public key server in separate file !
+    
+    file = open(str(root_file_path) + '/.known_hosts', 'ab') # changed from 'wb' to 'ab' ... 
+    file.write(line_to_add.encode('utf-8'))  
+    file.write(('\n').encode('utf-8')) 
+    file.close() 
+
+    # --- Store the server public Key for next time.
+    # --- Public keys are stored in '.auth_server_test/client/public_keys_servers/session_id.pub'
+    public_key_server_pem = public_key_serializer(public_key_server) 
+    key_path = path_public_keys_servers / (str(session_id) + '.pub') 
+
+    with open(str(key_path), 'wb') as f:
+        f.write(public_key_server_pem) 
+   
+ 
+
+# --- Used by Client and Server     
 def encrypt_msg_symmetric(msg, key): 
     msg = msg.encode() 
     f_key = Fernet(key)